Building a network of security champions

Adobe

By Brad Arkin, VP and Chief Security Officer, Adobe
Monday, 26 February, 2018


A security champion program will foster an open culture mindset and benefit your entire organisation.

Many security practitioners have traditionally struggled with how to get key stakeholders to take security seriously. In recent years, security discussions have come to the forefront, and you have more likely than not found yourself struggling to meet growing security demands with limited resources.

That’s why it’s imperative for central security teams to look beyond their immediate team and build an internal network of security champions to expand their reach into various parts of the organisation.

Having a security champion program is essential to any thriving organisation as it helps to create a constant, virtual representation of security throughout the business. In this unique approach, security champions are embedded within the various product engineering teams and effectively form a channel of communication between the product teams and the central security team.

It’s also a great way to build strong relationships outside your central security team and a crucial step in maintaining a security-aware culture. These ambassadors can help demonstrate the value and benefits of security by working with cross-functional product engineering teams and their respective management to assign security priorities across key functions.

It is important for security champions outside of the central security team to build close relationships with the leadership across your organisation. Take peers to lunch. Join planning meetings in groups such as sales, PR, marketing, legal and executive leadership — claim a seat at the table. This will provide an avenue to implement security best practices amongst respective teams.

Make sure they understand that you are there to help, not make their lives difficult. If you have those existing relationships and buy-in from the top, it will be much easier to get the rest of the organisation on your side.

It is also critical for the central security team to align with its security champions across the organisation as this helps open the lines of communication.

For example, if the central security team is not brought into product development conversations early on, how can they weigh in on what improvements could be made to product revisions?

It’s a lot easier to get buy-in if a security champion, embedded in the product engineering team, can help the central security team prioritise and establish open dialogue with key stakeholders.

Extending beyond the central security team’s typical comfort zone, security champions know their audience and speak the right language. The central security team should work with the security champions to deliver collaborative, prioritised, data-driven arguments that outline what priorities should be addressed.

Since the security champions sit on the product engineering teams, they know the products, and they also understand where security needs to fit within product priorities. Security, reliability, performance and enhanced features are all ways to measure a product release’s success.

If your organisation does not have a security champion program in place, there is no better time than the present to get one organised. Once you have a program in place and execute it well, your central security team will be viewed as an invaluable asset to the organisation.

Security champions are a critical part of maintaining a strong central security team. Your team will thrive with an open culture mindset and operate as an essential business partner across the organisation. This ultimately benefits the entire business — a win-win for all parties involved.
